Between the Lines: Takeaways from RSA Conference 2018 and How They Apply to the Future of Enterprise Security

This year’s RSA Conference was buzzing. Everywhere you turned, thought-provoking discussions on the security industry’s biggest challenges were taking place. Although the seriousness of this past year’s proliferation of cyberattacks hung in the air, there was no doubt that the mood was upbeat and there was a lot of positive momentum.

After taking a breath to process the content and conversations I enjoyed at RSA Conference 2018, I’d like to share five key takeaways:

The Skills Shortage Is Real 

One theme transcended sessions: The industry is remarkably deficient in qualified workers at a time when we need them the most. If predictions hold, cybercrime damage will top $6 trillion annually by 2021, and as multiple speakers pointed out, this is almost 10% of the world’s economy. That is absolutely staggering! John Stewart, senior vice president, chief security and trust officer at Cisco, also pointed out that by 2020, there will be 3.5 million open cybersecurity positions, and for every job that is filled, two more open up. Compounding the problem is a serious lack of diversity. For example, women only account for 11% of cybersecurity employees.

The good news is that awareness breeds action. I saw company after company working to make cybersecurity an attractive field for workers of all races and genders. There is also tremendous potential for career advancement—and not a lot of people get to say that they fight the bad guys every day. It’s not much of a stretch to see why cybersecurity is already emerging as one of the hottest fields for tech workers.

Automate to Meet the Challenge

While we will always need human power in cybersecurity, the skills shortage requires additional firepower. Digital threats are simply multiplying too quickly to address with manual interventions alone. Last year (2017) was the worst ever in terms of cyberattack volume. At RSA Conference, it was stated that security vulnerabilities are up 20% year-over-year, but the number of people required in the security industry to tackle them is down.

New automated solutions hold promise by successfully running health and security checks across all points and configurations. They can issue routine updates seamlessly and they do it quickly and efficiently so that human workers are free to focus attention where it is needed most. As a result, systems become more secure and resources are used wisely. Whether it’s zero-day exploits, ransomware attacks, malware, or other issues, look for the tools and products that let you automate the tackling of these issues.

Play Well with Others

One thing that I was particularly pleased to see at RSA Conference was the way some of the biggest names in security today are coming together to fight the threats facing our businesses worldwide. Because the impacts and associated costs of cyberattacks are so severe, organizations are putting aside competition to work for the greater good. Consider the new Cybersecurity Tech Accord. More than 30 companies have signed on to “improve the security, stability and resilience of cyberspace.” Brad Smith from Microsoft described this international effort as a sort of Digital Geneva Convention to bring the number of malicious cyberattacks down. It attests to the fact that these organizations recognize that a much bigger threat exists in the security industry than simply losing market share.

There were numerous sessions in the Innovation Sandbox Contest at RSA Conference this year and one of the messages I heard clearly from companies like Cylance and others was that the winners in the industry will recognize early on that they have to play well with others. This means offering open APIs to integrate other security solutions together. With so many available security solutions, every organization is going to run different combinations and configurations of software, applications and tools coming from dozens of vendors. If you don’t have APIs and/or aren’t willing to integrate multiple solutions into your product, you simply will not be successful.

Machine Learning and AI, Machine Learning and AI

Vendors tried to tie machine learning and AI to their solutions any way they could, as if adding these terms would instantly draw attention. The near-mantra of machine learning and AI saving the day was almost overwhelming at the show.

One presentation from OpenText noted that 12% of enterprises have already adopted AI-based security analytics. This shows a legitimate move toward AI adoption, but it also says it’s still a little early. There is a lot of big talk and thinking taking place—as this is clearly where the industry is heading—but the reality is that people are just starting to dip their toes into the AI waters.

Lack of Differentiation

While vendors did a fantastic job on their booth presence (meaning things looked very nice and polished), there was not a lot of true product differentiation. I heard the same buzzwords and language repeatedly used to describe offerings, even when those offerings were markedly different from one another! While this shows the industry is largely aligned on what’s important, there was no sense of what made a company unique or special. 

In the real world, today’s buyers are going to have to work really hard to get past the hype and figure out what a product actually does, what it looks like, where it excels, and where it falls short. This could ultimately extend product evaluations and sales cycles as companies uncover the real use cases for different vendor products. Moving forward, I would encourage companies to break free a bit to highlight their true differentiators so that we see more clear standouts from the growing crowd of vendors at RSA Conference 2019.